A non-exhaustive list of topics to be covered include:
- Information Gathering – OSINT, DNS, SNMP etc.
- Pentesting Network Components – Router, Switch, Firewall, IDS/IPS
- Pentesting Windows Environments – domain controllers, pass-the-hash, active directory etc.
- Pentesting Linux Environments
- Pentesting Mobile Application Backends
- Attacking via the DMZ – Web, Email etc.
- Post Exploitation on Windows, Linux and Mobile OSs
- Data Exfiltration – tools and techniques
- Privilege Escalation on Windows and Linux
- Keeping Access – Backdoors and Rootkits
- Web Application vulnerability to Shell
- Scenario based Pentesting
- Social Engineering Attacks – JAVA Applets, HID devices etc.
- AV Evasion Techniques
- Firewall and IDS Evasion
- … additions will happen based on student feedback